Listen to this article

Sony BMG Music Entertainment, the world’s second largest music label, faces a slew of lawsuits in the US after PC security companies found that copy protection software included on some CDs made PCs vulnerable to hackers.

At least three lawsuits have been filed in California against the company, a joint venture between Japan’s Sony group and Germany’s Bertelsmann.

Sony BMG has declined to identify which CDs include the DRM (digital rights management) software identified by Kaspersky Labs, a Moscow-based PC security firm, and UK-based Sophos as a security vulnerability.

On Thursday Sophos claimed it had found the first “trojan” e-mail virus designed to exploit secret “rootkit” software that a number of Sony BMG music CDs install on owners’ computers when they are played.

This week the Electronic Frontier Foundation, a US-based consumer advocacy group, identified at least 19 Sony BMG music CDs that it claimed installed the software when played on a PC.

The software, created by UK-based First4Internet and known as XCP2, is designed to deter casual piracy by enabling record labels to limit the number of copies that can be made from an original.

However, critics including the EFF claim the software slows down PCs and makes them more susceptible to crashes and third-party attacks. “Since the program is designed to hide itself, users may have trouble diagnosing the problem,” the EFF said.

“Entertainment companies often complain that fans refuse to respect their intellectual property rights,” said Jason Schultz, the EFF’s staff lawyer. “Yet tools like this refuse to respect our own personal property rights. Sony’s tactics here are hypocritical, in addition to being a security threat.”

Sony BMG, which has yet to respond to the claims, was not available for comment.